I. STATUS OF THE CLAIMS/GROUNDS FOR REJECTION

Claims 9, 20, 31, and 42 have been canceled. 

Claims 1-6, 8, 12-17, 19, 23-28, 30, 34-39, and 41 were rejected under 35 U.S.C. 
§ 102(e) as being unpatentable over a combination of U.S. Patent No. 6,505,192 of Godwin et al. 
(Godwin), U.S. Patent No. 6,763,394 of Tuck, III et al. (Tuck), and a webpage based upon an 
article "Monitoring Ethernet Network Activity with NDIS Drivers" of Apparna et al. (Apparna).

Claims 7, 18, 29, and 40 were rejected under 35 U.S.C. § 103(a) as being unpatentable 
over the primary references in view of Japanese Patent No. 03 164866 of Kobayashi et al. 
(Kobayashi).

Claims 10-11, 21-22, 32-33, and 43-44 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over the primary references in view of U.S. Patent No. 6,460,122 of Otterness et al.
(Otterness) and U.S. Patent No. 6,711,562 of Ross et al. (Ross).

II. ARGUMENT

Appellant has set forth in previous communications the improperness of the combination
of the references, and such arguments will not be repeated herein. However, Appellant maintains 
the argument that the references are not properly combinable, as well as the other arguments 
previously made. Nevertheless, Appellant limits the focus of this communication to addressing 
the merits of the cited references. 

Appellant previously set forth the merits of each reference separately, and then discussed 
the combination of the references. Appellant is thus unable to understand why the Examiner's 
Answer asserts on page 10 that Appellant has only addressed the references separately. Appellant 
respectfully submits that the references, whether alone or in combination, fail to disclose or 
suggest at least one feature of the claimed invention. 

As a first matter, Appellant respectfully submits that to provide a prima facie case of
obviousness, a reasoned argument must be provided to show with particularity each and every
element of the claimed invention in the cited references. Appellant respectfully submits that the
Office Actions, as well as the Examiner's Answer, fail to address the element of determining if
the packet received at the device driver is an ingress packet or an egress packet. Such a feature is 
cited, for example, in claim 1, which recites: 
receiving at a device driver a network packet having a corresponding
security association (SA); 

determining if the packet is an ingress packet or an egress packet; 

determining for the packet a key value corresponding to the SA; 

if the packet is an ingress packet, hashing the key value to determine a 
location of an entry in an ingress lookup table, and if the packet is an egress 
packet, hashing the key value to determine a location of an entry in an egress 
lookup table, the entry in the ingress lookup table and the entry in the egress 
lookup table containing information corresponding to the SA, the ingress lookup 
table being a separate lookup table from the egress lookup table; 

retrieving from the entry an index to a location of the SA in memory; and

retrieving the SA from memory based on the index.

The determination of whether the packet is an ingress or egress packet is performed to determine 
which of two separate SA lookup tables will apply. It is assumed in Godwin that no such
determination applies, because Godwin fails to disclose or suggest separate lookup tables, as 
mentioned in the Examiner's Answer at page 6. The Examiner's Answer then asserts that Tuck 
discloses such determining. Appellant traverses. 

Tuck discusses determining in a network router whether to pass packets from an ingress 
port to an egress port, or whether to drop the packets. See Abstract. Tuck makes no 
determination of whether a packet is an ingress or egress packet. In Tuck, all packets are 
forwarded through the device. A packet that is received (ingress) is also an outbound packet 
(egress), unless the packet is dropped. The only determination that is made is whether to drop the 
packet, not whether the packet is ingress or egress. According to the reference, in one 
implementation packets are only dropped on ingress (col. 5, lines 8 to 10), but the reference goes 
on in col. 5, lines 11 to 26 to discuss that a lookup is also performed at egress. Thus, Appellant
submits that according to the reference, no determination of whether a packet is an ingress or 
egress packet is made, and none is needed because according to the system of Tuck, a lookup is 
performed at both ingress and egress. 

Appellant thus submits that the Godwin reference and the Tuck reference, whether alone 
or in any possible combination, fail to disclose or suggest determining whether a packet received 
at a device driver is an ingress or egress packet, as recited in the claimed invention. The cited 
references thus fail to disclose or suggest at least one element of the claimed invention, and so 
fail to render obvious the invention as recited in the claims. 
The looking up of a pass/drop rule at an ingress port and the separate looking up of a
pass/drop rule at an egress port of a packet forwarding device (i.e., a router) as discussed in Tuck
fails to apply to the lookup of Security Associations within a device driver, as recited in
Appellant's claims. The separate looking up of pass/drop rules at an ingress port and an egress
port of a router fails to apply to the application of IPSec at network nodes as discussed in Godwin.
Each reference is deficient separately, and no combination of the references can be reasonably 
interpreted as supporting a rejection of the claimed invention, for at least the reasons set forth 
above. 

As discussed previously, and as shown by the arguments in the Examiner's Answer at
page 12, Apparna is not cited for, nor does it cure the deficiencies pointed out above. Thus,
combining the references discussed above with Apparna fails to render obvious the claimed
invention.

VIII. CONCLUSION

Appellant respectfully submits this Reply as a matter of right, filed within the two month
deadline of the mailing date of the Examiner's Answer. Appellant respectfully submits that all
appealed claims in this application are patentable and requests that the Board of Patent Appeals
overrule the Examiner and direct allowance of the rejected claims.



Respectfully submitted,



BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN, LLP 



Date: July 12, 2006 




Vincent H. Anderson 
Reg. No. 54,962 



12400 Wilshire Blvd., 7th Floor 
Los Angeles, CA 90025-1026 
Telephone: (503) 439-8778 



I hereby certify that this correspondence is being deposited with the United States Postal
Service as first class mail on the below date with sufficient postage in an envelope
addressed to: Mail Stop Appeal Brief-Patents, Commissioner for Patents, P.O. Box 1450,
Alexandria, VA 22313-1450



Signature [illegible] 7/12/06




[yie Bekish Date 
APPENDIX A: CLAIMS ON APPEAL

1. (Previously Presented) A method comprising:

receiving at a device driver a network packet having a corresponding security association
(SA);

determining if the packet is an ingress packet or an egress packet; 

determining for the packet a key value corresponding to the SA; 

if the packet is an ingress packet, hashing the key value to determine a location of an 
entry in an ingress lookup table, and if the packet is an egress packet, hashing the key value to 
determine a location of an entry in an egress lookup table, the entry in the ingress lookup table 
and the entry in the egress lookup table containing information corresponding to the SA, the 
ingress lookup table being a separate lookup table from the egress lookup table; 

retrieving from the entry an index to a location of the SA in memory; and 

retrieving the SA from memory based on the index. 

2. (Previously Presented) The method of claim 1 wherein receiving the network packet 
comprises the device driver being passed an egress packet from an electronic system operating 
system. 

3. (Previously Presented) The method of claim 1 wherein receiving the network packet 
comprises the device driver being passed an ingress packet from a network interface device. 

4. (Original) The method of claim 1 wherein the key value is a handle created for the SA for
an egress packet. 

5. (Original) The method of claim 1 wherein the key value is a security parameter index 
(SPI) extracted from the packet for an ingress packet. 

6. (Original) The method of claim 1 wherein the lookup table entry comprises the key value 
and the index. 

7. (Original) The method of claim 6 wherein the lookup table entry further comprises a 
counter to track collisions for the entry. 

8. (Previously Presented) The method of claim 1 further comprising the location in memory 
of an SA corresponding to egress traffic being in a first table, and the location in memory of an
SA corresponding to ingress traffic being in a second table, the tables being separate tables in
memory. 
9. (Canceled)

10. (Original) The method of claim 1 further comprising supporting a number of network
traffic streams, wherein the lookup table has 2^N entries, where N is an integer, 2^N being the
lowest binary number greater than five times the number of network traffic streams supported.

11. (Previously Presented) The method of claim 1 wherein hashing the key value comprises
using a bit-wise AND hash function with a mask of value 2^N-1, where N is an integer, wherein
the hash table contains 2^N entries.

12. (Previously Presented) An article comprising a machine-accessible medium to provide 
content to cause one or more electronic systems to: 

receive at a device driver a network packet having a corresponding security association
(SA);

determine if the packet is an ingress packet or an egress packet;

determine for the packet a key value corresponding to the SA;

if the packet is an ingress packet, hash the key value to determine a location of an entry in 
an ingress lookup table, and if the packet is an egress packet, hash the key value to determine a 
location of an entry in an egress lookup table, the entry in the ingress lookup table and the entry 
in the egress lookup table containing information corresponding to the SA, the ingress lookup 
table being a separate lookup table from the egress lookup table; 

retrieve from the entry an index to a location of the SA in memory; and 

retrieve the SA from memory based on the index.

13. (Previously Presented) The article of claim 12 wherein to receive the network packet 
comprises the device driver to be passed an egress packet from an electronic system operating 
system. 

14. (Previously Presented) The article of claim 12 wherein to receive the network packet 
comprises the device driver to be passed an ingress packet from a network interface device. 

15. (Original) The article of claim 12 wherein the key value is a handle created for the SA for 
an egress packet. 

16. (Original) The article of claim 12 wherein the key value is a security parameter index 
(SPI) extracted from the packet for an ingress packet. 

17. (Original) The article of claim 12 wherein the lookup table entry comprises the key value 
and the index. 
18. (Original) The article of claim 17 wherein the lookup table entry further comprises a
counter to track collisions for the entry. 

19. (Previously Presented) The article of claim 12 further comprising the location in memory 
of an SA corresponding to egress traffic being in a first table, and the location in memory of an
SA corresponding to ingress traffic being in a second table, the tables being separate tables in
memory. 

20. (Canceled) 

21. (Original) The article of claim 12 further comprising to support a number of network
traffic streams, wherein the lookup table has 2^N entries, where N is an integer, 2^N being the
lowest binary number greater than five times the number of network traffic streams supported.

22. (Previously Presented) The article of claim 12 wherein to hash the key value comprises
using a bit-wise AND hash function with a mask of value 2^N-1, where N is an integer, wherein
the hash table contains 2^N entries.

23. (Withdrawn) An electronic data signal embodied in a data communications medium 
shared among a plurality of network devices comprising content to cause one or more electronic 
systems to:

receive at a device driver a network packet having a corresponding security association
(SA);

determine if the packet is an ingress packet or an egress packet;

determine for the packet a key value corresponding to the SA;

if the packet is an ingress packet, hash the key value to determine a location of an entry in 
an ingress lookup table, and if the packet is an egress packet, hash the key value to determine a 
location of an entry in an egress lookup table, the entry in the ingress lookup table and the entry 
in the egress lookup table containing information corresponding to the SA, the ingress lookup
table being a separate lookup table from the egress lookup table;

retrieve from the entry an index to a location of the SA in memory; and 

retrieve the SA from memory based on the index. 

24. (Withdrawn) The electronic data signal of claim 23 wherein to receive the network 
packet comprises the device driver to be passed an egress packet from an electronic system 
operating system. 
25. (Withdrawn) The electronic data signal of claim 23 wherein to receive the network
packet comprises the device driver to be passed an ingress packet from a network interface 
device. 

26. (Original) The electronic data signal of claim 23 wherein the key value is a handle 
created for the SA for an egress packet.

27. (Original) The electronic data signal of claim 23 wherein the key value is a security 
parameter index (SPI) extracted from the packet for an ingress packet. 

28. (Original) The electronic data signal of claim 23 wherein the lookup table entry 
comprises the key value and the index. 

29. (Original) The electronic data signal of claim 28 wherein the lookup table entry further 
comprises a counter to track collisions for the entry. 

30. (Withdrawn) The electronic data signal of claim 23 further comprising the location in 
memory of an SA corresponding to egress traffic being in a first table, and the location in 
memory of an SA corresponding to ingress traffic being in a second table, the tables being
separate tables in memory. 

31. (Canceled) 

32. (Withdrawn) The electronic data signal of claim 23 further comprising to support a
number of network traffic streams, wherein the lookup table has 2^N entries, where N is an
integer, 2^N being the lowest binary number greater than five times the number of network traffic
streams supported.

33. (Withdrawn) The electronic data signal of claim 23 wherein to hash the key value
comprises using a bit-wise AND hash function with a mask of value 2^N-1, where N is an integer,
wherein the hash table contains 2^N entries.

34. (Previously Presented) An electronic system comprising:
one or more processors; 

a network interface coupled with the one or more processors to provide a 
communications path between the electronic system and a network, the network interface to have 
a corresponding device driver to be executed on one or more of the processors; and 

a memory coupled with the one or more processors, the memory to have a program to 
provide instructions for the electronic system to receive at the device driver a network packet 
having a corresponding security association (SA), the program to determine if the packet is an 
ingress packet or an egress packet, to determine for the packet a key value corresponding to the
SA, and if the packet is an ingress packet, hash the key value to determine a location of an entry 
in an ingress lookup table, and if the packet is an egress packet, hash the key value to determine 
a location of an entry in an egress lookup table, the entry in the ingress lookup table and the entry 
in the egress lookup table containing information corresponding to the SA, the ingress lookup 
table being a separate lookup table from the egress lookup table, to retrieve from the entry an 
index to a location of the SA in memory, and to retrieve the SA from memory based on the 
index. 

35. (Previously Presented) The electronic system of claim 34 wherein the program to receive 
the network packet comprises the device driver to be passed an egress packet from an operating 
system. 

36. (Previously Presented) The electronic system of claim 34 wherein the program to receive 
the network packet comprises the device driver to be passed an ingress packet from the network 
interface. 

37. (Original) The electronic system of claim 34 wherein the key value is a handle created for 
the SA for an egress packet.

38. (Original) The electronic system of claim 34 wherein the key value is a security 
parameter index (SPI) extracted from the packet for an ingress packet. 

39. (Original) The electronic system of claim 34 wherein the lookup table entry comprises 
the key value and the index. 

40. (Original) The electronic system of claim 39 wherein the lookup table entry further
comprises a counter to track collisions for the entry. 

41. (Previously Presented) The electronic system of claim 34 further comprising the location 
in memory of an SA corresponding to egress traffic being in a first table, and the location in 
memory of an SA corresponding to ingress traffic being in a second table, the tables being 
separate tables in memory. 

42. (Canceled) 

43. (Original) The electronic system of claim 34 further comprising the program to support a
number of network traffic streams, wherein the lookup table has 2^N entries, where N is an
integer, 2^N being the lowest binary number greater than five times the number of network traffic
streams supported.

44. (Previously Presented) The electronic system of claim 34 wherein to hash the key value
comprises using a bit-wise AND hash function with a mask of value 2^N-1, where N is an integer,
wherein the hash table contains 2^N entries.
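
The lookup recited in claims 1, 5 to 7, 10 and 11, written out in C as an added illustration; it is not part of the filing or of the application's own disclosure. All type and function names, the MAX_SLOTS capacity and the linear-probing collision policy are assumptions; the claims only say that an entry may carry a collision counter.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_SLOTS 64                      /* capacity assumed for this example */
enum direction { INGRESS, EGRESS };
typedef struct { uint32_t key; int32_t sa_index; uint32_t collisions; } entry_t;
typedef struct { entry_t slot[MAX_SLOTS]; uint32_t mask; } table_t; /* mask = 2^N - 1 */
typedef struct { uint32_t key; const char *peer; } sa_t;   /* stand-in for SA state */

/* 2^N entries: lowest power of two greater than 5x the supported streams. */
uint64_t table_size(uint32_t streams) {
    uint64_t n = 1;
    while (n <= 5ull * streams) n <<= 1;
    return n;
}

int table_init(table_t *t, uint32_t streams) {
    uint64_t n = table_size(streams);
    if (n > MAX_SLOTS) return -1;
    for (uint32_t i = 0; i < n; i++) t->slot[i] = (entry_t){0, -1, 0};
    t->mask = (uint32_t)(n - 1);
    return 0;
}

/* Assumption: collisions resolved by linear probing; the home slot counts them. */
int table_insert(table_t *t, uint32_t key, int32_t sa_index) {
    uint32_t home = key & t->mask;                  /* bit-wise AND hash */
    for (uint32_t i = 0; i <= t->mask; i++) {
        entry_t *e = &t->slot[(home + i) & t->mask];
        if (e->sa_index >= 0) continue;             /* occupied, keep probing */
        e->key = key; e->sa_index = sa_index;
        if (i) t->slot[home].collisions++;
        return 0;
    }
    return -1;                                      /* table full */
}

/* Index of the SA in memory, or -1 when the key is unknown. */
int32_t table_find(const table_t *t, uint32_t key) {
    uint32_t home = key & t->mask;
    for (uint32_t i = 0; i <= t->mask; i++) {
        const entry_t *e = &t->slot[(home + i) & t->mask];
        if (e->sa_index < 0) return -1;
        if (e->key == key) return e->sa_index;
    }
    return -1;
}

/* Direction picks the table: SPI keys ingress, a driver handle keys egress. */
const sa_t *sa_lookup(const table_t *in, const table_t *out, const sa_t *mem,
                      enum direction dir, uint32_t key) {
    int32_t idx = table_find(dir == INGRESS ? in : out, key);
    return idx < 0 ? NULL : &mem[idx];
}
```

Because the two tables are separate, a key that resolves in one direction returns NULL in the other, so a driver built this way fails closed on a packet whose key has no SA for its direction.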